Friendly and non-friendly Iframes

When working with iframes, there are certain security precautions that cause impediments on the execution of an ad. There are two types of iframe that can be present on a site.

Friendly iframe

A friendly iframe is an iframe that shares the same domain as the main page it is hosted on. This generally means that the content is trusted and hence, can ‘break out’ of the iframe and manipulate the content on the hosting page.

Non-friendly iframe

A non-friendly iframe’s content is hosted under a different domain to that which the iframe tag is hosted on. Under the same origin policy, the content of the iframe cannot interact with the page on which it is hosted.

Solution

The solution for this, to allow rich media ad content to break out of the iframe and render on the hosting site, is to include an iframe proxy or ‘iframe buster’ script on your server. As this is hosted on the same domain, the ad script will create a friendly iframe in which to host our ad which can then break out of and into the main page.

To use this on your site, first download the iframe proxy script (Right click link and “Save As…”).

Next, upload it to your site so that it is available on the following url:

publisherdomain.com/adtech/iframeproxy.html

Where ‘publisherdomain.com’ is the domain of the hosting site. This file will need to be available from all domains (and sub domains) that the ad could be delivered from (e.g publisherdomain.com, publisherdomain.us, publisherdomain.co.uk, sub.publisherdomain.eu)